Enterprise risk management has never been more important in helping senior management and executives navigate uncertainty and achieve business objectives. One only needs to consider the challenges related to Brexit, cyber threats, supplier risk management and organisational resilience to see its relevance to the business agenda. Informed decision making is vital to the long term success of any organisation.

However, implementing effective risk management can be challenging.

While formalised risk management is necessary, it has often become bureaucratic and overly complicated and the domain of specialists as opposed to something that is truly embedded and contributed to by all. This can be attributed to approaches which are overly top-down and corporate governance centric. In such cases, risk professionals spend their time educating risk owners on how to comply with reporting requirements and annual risk assessments rather than seeking to gain buy-in and help develop an architecture that provides real business benefit from the outset.

URM believes that a different approach is required.

We have, therefore, taken a step back and reviewed the principles outlined in ISO 31000:2009 (the International Enterprise Risk Management Standard) and in the forthcoming revision ISO/DIS 31000: 2017. We have turned the principles into practical questions to drive improvement at framework and process level to achieve target outcomes. These outcomes have been termed as the 9 Signs of Effective Risk Management. We have also reviewed Abriska 31000, URM’s enterprise risk management tool, to ensure that it can support the target outcomes set out below.

The 9 Signs of Effective Risk Management are:

  • Creating and protecting value
  • Integrated into business processes leading to improved decision making
  • Structured approach providing consistent, comparable and reliable results
  • Customised to the objectives and context of the organisation
  • Includes timely and appropriate stakeholder engagement
  • Being dynamic and responsive to change
  • Providing the most appropriate information available when decisions made
  • Aligning human and cultural factors with risk appetite
  • Continual improvement leading to improved organisational performance and resilience

To help understand the extent to which target outcomes are being achieved, we have developed a set of 26 questions. Completion of these questions will help you determine your overall compliance with the 9 signs of effective risk management.

Whether your programme is relatively mature or if you are looking to build out your capability – particularly if you are new to the risk management requirements set out in Annex SL of management system standards such as ISO 9001 and ISO 14001 – the URM compliance questionnaire will provide you with a valuable insight into the effectiveness of your risk management programme.